
Spoofed Zoom, Google & Skype Meetings Infect Corporate Systems with RATs


In a recent development, a threat actor has been detected creating fake Skype, Google Meet, and Zoom meetings as a means to distribute commodity malware that can potentially steal sensitive data from Android and Windows users. This campaign, which first emerged in December, has raised concerns among cybersecurity experts for its potential threat to corporate users.

Researchers from Zscaler's ThreatLabz uncovered this emerging threat on March 6, highlighting how the attackers use shared web hosting to serve the fraudulent online meeting sites from a single IP address. By registering URLs that closely resemble the legitimate websites of the targeted services, such as “join-skype[.]info” for Skype, “online-cloudmeeting[.]pro” for Google Meet, and “us06webzoomus[.]pro” for Zoom, the threat actors aim to deceive unsuspecting users into clicking on malicious links.

The threat actors behind this scheme are employing various tactics to deliver harmful payloads to target both Android and Windows users. Android users are at risk of falling victim to the SpyNote RAT, while Windows users may be targeted with NjRAT and DCRat, which are capable of compromising their systems and stealing confidential information.

According to the researchers Himanshu Sharma, Arkaprva Tripathl, and Meghraj Nandanwar from ThreatLabz, these lures are being used to propagate Remote Access Trojans (RATs) that can log keystrokes, steal files, and extract sensitive data from compromised devices.

The attackers began in December by impersonating Skype and Google Meet, and expanded their scope to Zoom impersonation in January. Each campaign comes with its own lure and attack vector: the Skype campaign directs Windows users to download a malicious executable disguised as a legitimate Skype application, while the fake Google Meet site offers links to download what appear to be Skype applications for Android (SpyNote RAT) and Windows (DCRat payload).

The fake Zoom site adds a further layer of deception by presenting a link whose subpath closely mirrors a legitimate Zoom meeting ID. Furthermore, both the fake Google Meet and Zoom websites expose an open directory containing two additional Windows executables (driver.exe and meet.exe) that carry the NjRAT payload, hinting at future campaigns that may use these files.
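One defender-side way to operationalize the lookalike-domain and executable-drop indicators described above, as an added example that is not part of the original article or the ThreatLabz research: a small Python scanner that flags proxy-log requests to hosts borrowing a meeting brand name without belonging to the vendor's real domains, and escalates when the requested path ends in an executable. The proxy-log format, the legitimate-domain list and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hosts that legitimately serve each product (assumption: adjust to your tenant).
LEGIT_DOMAINS = {"zoom": ("zoom.us", "zoom.com"),
                 "skype": ("skype.com", "microsoft.com"),
                 "meet": ("google.com",)}
# Brand strings a lookalike host borrows; "meet" also catches "cloudmeeting" but may
# need an allowlist for unrelated hosts whose names happen to contain "meet".
BRAND_WORDS = {"zoom": ("zoom",), "skype": ("skype",), "meet": ("meet",)}
PAYLOAD_EXT = (".exe", ".apk", ".msi")

# Constructed proxy log (timestamp, client IP, method, URL, status); not real traffic.
SAMPLE_PROXY_LOG = """\
2024-03-06T09:14:02Z 10.20.30.41 GET https://us06web.zoom.us/j/1234567890 200
2024-03-06T09:15:10Z 10.20.30.41 GET https://us06webzoomus.pro/j/1234567890 200
2024-03-06T09:15:12Z 10.20.30.41 GET https://us06webzoomus.pro/driver.exe 200
2024-03-06T09:20:45Z 10.20.30.77 GET https://join-skype.info/Skype.exe 200
2024-03-06T09:21:03Z 10.20.30.78 GET https://online-cloudmeeting.pro/skype.apk 200
2024-03-06T09:22:00Z 10.20.30.79 GET https://meet.google.com/abc-defg-hij 200
"""

def host_is_legit(host, brand):
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS[brand])

def classify_url(url):
    """Return {"host", "brand", "reason"} when the host impersonates a meeting service, else None."""
    parts = urlsplit(url.replace("[.]", "."))  # accept defanged indicators too
    host = (parts.hostname or "").lower()
    for brand, words in BRAND_WORDS.items():
        if any(w in host for w in words) and not host_is_legit(host, brand):
            reason = "lookalike-host"
            if parts.path.lower().endswith(PAYLOAD_EXT):
                reason += "+executable-download"  # driver.exe / meet.exe style drops
            return {"host": host, "brand": brand, "reason": reason}
    return None

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def scan_proxy_log(text):
    alerts = []  # one entry per request that hit a lookalike meeting host
    for m in filter(None, map(LINE_RE.match, text.splitlines())):  # skips malformed lines
        ts, src, _method, url, _status = m.groups()
        hit = classify_url(url)
        if hit:
            alerts.append({"ts": ts, "src": src, **hit})
    return alerts
```

Requests to the genuine us06web.zoom.us and meet.google.com hosts pass silently; the three lookalike hosts produce four alerts, two of them escalated because the path fetched an executable.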

To protect against evolving threats like this one, enterprises are urged to implement security measures that guard against advanced malware attacks. Regular updates and security patches are crucial in closing the vulnerabilities attackers exploit, minimizing the risk of compromise. Additionally, the researchers shared a list of the specific MITRE ATT&CK techniques identified during their sandbox analysis to aid in the detection and mitigation of similar threats.

In conclusion, the emergence of fake online meetings as a vehicle for malware distribution underscores the importance of vigilance and proactive cybersecurity measures to safeguard business users against evolving cyber threats. By staying informed and implementing robust security protocols, organizations can mitigate the risks posed by such malicious campaigns and protect their valuable data from unauthorized access and exploitation.
